data_engine is not connecting to the UIM database

Document ID : KB000094850
Last Modified Date : 06/05/2018
Show Technical Document Details
Issue:
Errors in the data_engine log:

Dec 7 23:14:11:589 [6844] de: [main] Open - 1 errors
Dec 7 23:14:11:589 [6844] de: (1) Open [Microsoft OLE DB Provider for SQL Server] [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.
Dec 7 23:14:11:589 [6844]
de: COM Error [0x80004005] Unspecified error - [Microsoft OLE DB Provider for SQL Server] [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error

Environment:
  • UIM 8.51 SP1
  • Microsoft SQL Server 2008 or higher
Cause:
TLS 1.2 is not currently supported by the data_engine.

PCI DSS 3.1 compliance requires TLS 1.0 be replaced with TLS 1.1 or TLS 1.2 by June 2018 (see the
PCI Security Standards press release).  UIM needs to install, run, and upgrade using a Microsoft SQL Server database which is configured to only allow TLS 1.2 connections.
 
Resolution:
  • CA UIM v8.51 does not currently support TLS v1.2 / 1.1 encrypted communication
  • CA UIM development is working on certifying UIM DB to support TLS v1.2 in UIM v9.0. Certification work for TLS 1.2/1.1 is in progress.
  • TLS v1.2 is scheduled to be supported for the data_engine in UIM v9.0 at the end of June 2018.
  • Note that several other probes have to make calls to the UIM database so currently those probes would also be blocked by SSL.
  • No registry entries should be set for TLS on the UIM database server, e.g.,
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  • IMPORTANT: For UIM v8.51, TLS v1.0 MUST be Enabled on the database server, but TLS v1.0 is normally enabled by default so you should not have to change anything.
  • Even if hubs are setup to use TLS v1.2 communication, the data being sent over to the database through the data_engine will not support TLS v1.2 until UIM v9.0.
  • As of UIM 9.0, for supporting the CA UIM database configured for TLS 1.2, there will be a series of configurations that need to be completed, as well as changes to the registry.
  • Details for each backend database type will be published in the help documentation for UIM 9.0 when it is released.
Additional Information:
Please refer to the following link for more information:

TLS 1.2 support for Microsoft SQL Server
https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server